lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 11 Nov 2003 18:49:57 +0300
From: r00t@...eam.ru
To: bugtraq@...urityfocus.com
Subject: PHP-Coolfile version 1.4 unauthorized access


/************************************
**---------------------------------**
**   RusH security team advisory   **
**---------------------------------**
**          www.rsteam.ru          **
**        http://rst.void.ru       **
************************************/

/***********************************/
 Product: PHP-Coolfile
 Version: 1.4
 Vuln: unauthorized access
 OffSite: http://dcom.bip.ru/coolfile/
/***********************************/
 Date: 11/11/2003
 Author: 1dt.w0lf // RsT
/***********************************/

Problem:
========
 Bug found in action.php file (string 96):

 [scip]
 if (@$action == "edit") { edit_file($file, $basename, @$filename); }
 if (@$action == "copy") { [scip] }
 if (@$action == "print_chmod") { [scip] }
 elseif ((@md5($uin) != session_id()) | (!@...n)) { print "Access denied!"; } # 96 string 
 [scip]

 last string (96) don't work if $action="copy" or any other...

Overview:
=========
 Any can view config.php file and get administration login and password

 Example: 
 www.site.com/php-coolfile/action.php?action=edit&file=config.php 

Solution:
=========
 1. Delete 96 string.
 2. copy this code in 23 string of action.php file
    if ((@md5($uin) != session_id()) OR (!@...n)) { print "Access denied!"; exit; }

/***********************************/
 U can view RU version of this text 
 on our site http://www.rsteam.ru
/***********************************/
 Contacts:
 1dt.w0lf - idtwolf@...em.net
 RusH team - r00t@...eam.ru
/***********************************/






Powered by blists - more mailing lists